<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta content="Cask Data, Inc." name="author" />
<meta content="HTTP RESTful Interface to the Cask Data Application Platform" name="description" />
<meta content="Copyright © 2017 Cask Data, Inc." name="copyright" />


    <meta name="git_release" content="6.1.1">
    <meta name="git_hash" content="05fbac36f9f7aadeb44f5728cea35136dbc243e5">
    <meta name="git_timestamp" content="2020-02-09 08:22:47 +0800">
    <title>Security HTTP RESTful API</title>

    <link rel="stylesheet" href="../_static/cdap-bootstrap.css" type="text/css" />
    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
    <link rel="stylesheet" href="../_static/bootstrap-3.3.6/css/bootstrap.min.css" type="text/css" />
    <link rel="stylesheet" href="../_static/bootstrap-3.3.6/css/bootstrap-theme.min.css" type="text/css" />
    <link rel="stylesheet" href="../_static/css/bootstrap-sphinx.css" type="text/css" />
    <link rel="stylesheet" href="../_static/css/cdap-dynamicscrollspy-4.css" type="text/css" />
    <link rel="stylesheet" href="../_static/css/jquery.mCustomScrollbar.css" type="text/css" />
    <link rel="stylesheet" href="../_static/css/cdap-jquery.mCustomScrollbar.css" type="text/css" />
    <link rel="stylesheet" href="../_static/css/abixTreeList-2.css" type="text/css" />
    <link rel="stylesheet" href="../_static/cdap-bootstrap.css" type="text/css" />

    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    '',
        VERSION:     '6.1.1',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  false
      };
    </script>
    <script type="text/javascript" src="../_static/jquery.js"></script>
    <script type="text/javascript" src="../_static/underscore.js"></script>
    <script type="text/javascript" src="../_static/doctools.js"></script>
    <script type="text/javascript" src="../_static/language_data.js"></script>

    <link rel="shortcut icon" href="../_static/favicon.ico"/>
    <link rel="index" title="Index" href="../genindex.html" />
    <link rel="search" title="Search" href="../search.html" />
    <link rel="top" title="Cask Data Application Platform 6.1.1 Documentation" href="../index.html" />
    <link rel="up" title="CDAP HTTP RESTful API v3" href="index.html" />
    <link rel="next" title="Service HTTP RESTful API" href="service.html" />
    <link rel="prev" title="Reports HTTP RESTful API" href="reports.html" />
    <!-- block extrahead -->
    <meta charset='utf-8'>
    <meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
    <meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
    <meta name="apple-mobile-web-app-capable" content="yes">
    <!-- block extrahead end -->

</head>
<body role="document">

<!-- block main content -->
<div class="main-container container">
  <div class="row"><div class="col-md-2">
    </div><div class="col-md-8 content" id="main-content">
    
  <div class="section" id="security-http-restful-api">
<span id="http-restful-api-security"></span><h1>Security HTTP RESTful API<a class="headerlink" href="#security-http-restful-api" title="Permalink to this headline">🔗</a></h1>
<p>Use the Security HTTP RESTful API to manage privileges (authorization) of users on CDAP
entities as well as manage secure storage.</p>
<p>The HTTP RESTful API is divided into:</p>
<ul class="simple">
<li><a class="reference internal" href="#http-restful-api-authorization"><span class="std std-ref">Authorization</span></a></li>
<li><a class="reference internal" href="#http-restful-api-secure-storage"><span class="std std-ref">Secure Storage</span></a></li>
</ul>
<p>All methods or endpoints described in this API have a base URL (typically
<code class="docutils literal notranslate"><span class="pre">http://&lt;host&gt;:11015</span></code> or <code class="docutils literal notranslate"><span class="pre">https://&lt;host&gt;:10443</span></code>) that precedes the resource
identifier, as described in the <a class="reference internal" href="introduction.html#http-restful-api-conventions-base-url"><span class="std std-ref">RESTful API Conventions</span></a>.
These methods return a status code, as listed in the <a class="reference internal" href="introduction.html#http-restful-api-status-codes"><span class="std std-ref">RESTful API  Status Codes</span></a>.</p>
<div class="section" id="authorization">
<span id="http-restful-api-authorization"></span><h2>Authorization<a class="headerlink" href="#authorization" title="Permalink to this headline">🔗</a></h2>
<p>Use the CDAP Authorization HTTP RESTful API to grant, revoke, and list privileges on CDAP
entities. Details about authorization in CDAP can be found in the <a class="reference external" href="../../../admin-manual/security/authorization.html#admin-authorization" title="(in Cask Data Application Platform v6.1.1)"><span class="xref std std-ref">Administration Manual:
Authorization</span></a>.</p>
<p>In this API, a JSON-formatted body is used that contains the principal, the CDAP authorizable, and the privileges to
be granted:</p>
<div class="highlight-json notranslate"><div class="highlight"><pre><span></span><span class="p">{</span>
  <span class="nt">&quot;authorizable&quot;</span><span class="p">:</span> <span class="p">{</span>
    <span class="nt">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;DATASET&quot;</span><span class="p">,</span>
    <span class="nt">&quot;entityParts&quot;</span><span class="p">:</span> <span class="p">{</span><span class="nt">&quot;NAMESPACE&quot;</span><span class="p">:</span> <span class="s2">&quot;default&quot;</span><span class="p">,</span> <span class="nt">&quot;DATASET&quot;</span><span class="p">:</span> <span class="s2">&quot;dataset&quot;</span><span class="p">}</span>
  <span class="p">},</span>
  <span class="nt">&quot;principal&quot;</span><span class="p">:</span> <span class="p">{</span>
    <span class="nt">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;admin&quot;</span><span class="p">,</span>
    <span class="nt">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ROLE&quot;</span>
  <span class="p">},</span>
  <span class="nt">&quot;actions&quot;</span><span class="p">:</span> <span class="p">[</span><span class="s2">&quot;READ&quot;</span><span class="p">,</span> <span class="s2">&quot;WRITE&quot;</span><span class="p">,</span> <span class="s2">&quot;ADMIN&quot;</span><span class="p">]</span>
<span class="p">}</span>
</pre></div>
</div>
<p>In the above JSON body, the <code class="docutils literal notranslate"><span class="pre">authorizable</span></code> object is the JSON-serialized form of the CDAP
<a class="reference external" href="https://github.com/cdapio/cdap/blob/develop/cdap-proto/src/main/java/io/cdap/cdap/proto/id/Authorizable.java">Authorizable</a> class. For example, for datasets, its entity type is DATASET and it can be constructed from the namespace and dataset name.
More information can be found in the <a class="reference external" href="https://github.com/cdapio/cdap/blob/develop/cdap-proto/src/main/java/io/cdap/cdap/proto/id/Authorizable.java">DatasetId</a>
class. In entity parts, the name of an entity can be expressed as a wildcard pattern by including <code class="docutils literal notranslate"><span class="pre">*</span></code> and <code class="docutils literal notranslate"><span class="pre">?</span></code> in the name.
For example, <code class="docutils literal notranslate"><span class="pre">ns*</span></code> represents all namespaces that start with <code class="docutils literal notranslate"><span class="pre">ns</span></code>, and
<code class="docutils literal notranslate"><span class="pre">ns?</span></code> represents all namespaces that start with <code class="docutils literal notranslate"><span class="pre">ns</span></code> followed by a single character.
A privilege granted on a wildcard pattern applies to every entity whose name matches it, so keep the pattern as narrow as the intended grant.</p>
<p>The <code class="docutils literal notranslate"><span class="pre">principal</span></code> object refers to the principal that you want to grant the privileges to.
Principals have a <code class="docutils literal notranslate"><span class="pre">name</span></code> and a <code class="docutils literal notranslate"><span class="pre">type</span></code>. The supported types are <code class="docutils literal notranslate"><span class="pre">USER</span></code>, <code class="docutils literal notranslate"><span class="pre">GROUP</span></code> and <code class="docutils literal notranslate"><span class="pre">ROLE</span></code>.</p>
<p><strong>Please note that</strong> the REST endpoints have only been created for supporting <a class="reference external" href="../../../integrations/apache-sentry.html#apache-sentry" title="(in Cask Data Application Platform v6.1.1)"><span class="xref std std-ref">Apache Sentry</span></a>.</p>
<p>The <code class="docutils literal notranslate"><span class="pre">actions</span></code> list contains the actions you want to grant the <code class="docutils literal notranslate"><span class="pre">principal</span></code> on the
<code class="docutils literal notranslate"><span class="pre">entity</span></code>. The supported actions are <code class="docutils literal notranslate"><span class="pre">READ</span></code>, <code class="docutils literal notranslate"><span class="pre">WRITE</span></code>, <code class="docutils literal notranslate"><span class="pre">ADMIN</span></code>, and <code class="docutils literal notranslate"><span class="pre">EXECUTE</span></code>.</p>
<div class="section" id="grant-privileges">
<span id="http-restful-api-security-auth-grant"></span><h3>Grant Privileges<a class="headerlink" href="#grant-privileges" title="Permalink to this headline">🔗</a></h3>
<p>You can grant privileges to a principal on a CDAP Entity by making an HTTP POST request to
the URL:</p>
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="go">POST /v3/security/authorization/privileges/grant</span>
</pre></div>
</div>
<p>with a JSON-formatted body that contains the principal, the CDAP entity, and the actions to
be granted, such as:</p>
<div class="highlight-json notranslate"><div class="highlight"><pre><span></span><span class="p">{</span>
  <span class="nt">&quot;authorizable&quot;</span><span class="p">:</span> <span class="p">{</span>
    <span class="nt">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;DATASET&quot;</span><span class="p">,</span>
    <span class="nt">&quot;entityParts&quot;</span><span class="p">:</span> <span class="p">{</span><span class="nt">&quot;NAMESPACE&quot;</span><span class="p">:</span> <span class="s2">&quot;default&quot;</span><span class="p">,</span> <span class="nt">&quot;DATASET&quot;</span><span class="p">:</span> <span class="s2">&quot;dataset&quot;</span><span class="p">}</span>
  <span class="p">},</span>
  <span class="nt">&quot;principal&quot;</span><span class="p">:</span> <span class="p">{</span>
    <span class="nt">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;admin&quot;</span><span class="p">,</span>
    <span class="nt">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ROLE&quot;</span>
  <span class="p">},</span>
  <span class="nt">&quot;actions&quot;</span><span class="p">:</span> <span class="p">[</span><span class="s2">&quot;READ&quot;</span><span class="p">,</span> <span class="s2">&quot;WRITE&quot;</span><span class="p">,</span> <span class="s2">&quot;ADMIN&quot;</span><span class="p">]</span>
<span class="p">}</span>
</pre></div>
</div>
<ul class="simple">
<li>Granting privileges is only supported for <code class="docutils literal notranslate"><span class="pre">ROLE</span></code> type.</li>
</ul>
<p class="rubric">HTTP Responses</p>
<table border="1" class="docutils">
<colgroup>
<col width="20%" />
<col width="80%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Status Codes</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><code class="docutils literal notranslate"><span class="pre">200</span> <span class="pre">OK</span></code></td>
<td>Privileges were successfully granted for the specified principal</td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="revoke-privileges">
<span id="http-restful-api-security-auth-revoke"></span><h3>Revoke Privileges<a class="headerlink" href="#revoke-privileges" title="Permalink to this headline">🔗</a></h3>
<p>You can revoke privileges for a principal on a CDAP Entity by making an HTTP POST request to the URL:</p>
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="go">POST /v3/security/authorization/privileges/revoke</span>
</pre></div>
</div>
<p>with a JSON-formatted body that contains the principal, the CDAP entity, and the actions to be revoked:</p>
<div class="highlight-json notranslate"><div class="highlight"><pre><span></span><span class="p">{</span>
  <span class="nt">&quot;authorizable&quot;</span><span class="p">:</span> <span class="p">{</span>
    <span class="nt">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;DATASET&quot;</span><span class="p">,</span>
    <span class="nt">&quot;entityParts&quot;</span><span class="p">:</span> <span class="p">{</span><span class="nt">&quot;NAMESPACE&quot;</span><span class="p">:</span> <span class="s2">&quot;default&quot;</span><span class="p">,</span> <span class="nt">&quot;DATASET&quot;</span><span class="p">:</span> <span class="s2">&quot;dataset&quot;</span><span class="p">}</span>
  <span class="p">},</span>
  <span class="nt">&quot;principal&quot;</span><span class="p">:</span> <span class="p">{</span>
    <span class="nt">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;admin&quot;</span><span class="p">,</span>
    <span class="nt">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ROLE&quot;</span>
  <span class="p">},</span>
  <span class="nt">&quot;actions&quot;</span><span class="p">:</span> <span class="p">[</span><span class="s2">&quot;READ&quot;</span><span class="p">,</span> <span class="s2">&quot;WRITE&quot;</span><span class="p">,</span> <span class="s2">&quot;ADMIN&quot;</span><span class="p">]</span>
<span class="p">}</span>
</pre></div>
</div>
<p>The <code class="docutils literal notranslate"><span class="pre">authorizable</span></code> object is mandatory in a revoke request.</p>
<ul class="simple">
<li>If neither <code class="docutils literal notranslate"><span class="pre">principal</span></code> nor <code class="docutils literal notranslate"><span class="pre">actions</span></code> is provided, the API revokes all
privileges on the specified entity for all principals.</li>
<li>If <code class="docutils literal notranslate"><span class="pre">authorizable</span></code> and <code class="docutils literal notranslate"><span class="pre">principal</span></code> are provided, but <code class="docutils literal notranslate"><span class="pre">actions</span></code> is not, the API revokes
all actions (<code class="docutils literal notranslate"><span class="pre">READ</span></code>, <code class="docutils literal notranslate"><span class="pre">WRITE</span></code>, <code class="docutils literal notranslate"><span class="pre">ADMIN</span></code>, and <code class="docutils literal notranslate"><span class="pre">EXECUTE</span></code>) on the specified entity for
the specified principal.</li>
<li>Revoking privileges is only supported for <code class="docutils literal notranslate"><span class="pre">ROLE</span></code> type.</li>
</ul>
<p class="rubric">HTTP Responses</p>
<table border="1" class="docutils">
<colgroup>
<col width="20%" />
<col width="80%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Status Codes</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><code class="docutils literal notranslate"><span class="pre">200</span> <span class="pre">OK</span></code></td>
<td>Privileges were successfully revoked</td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="list-privileges">
<span id="http-restful-api-security-auth-list"></span><h3>List Privileges<a class="headerlink" href="#list-privileges" title="Permalink to this headline">🔗</a></h3>
<p>You can list all privileges for a principal on all CDAP entities by making an HTTP GET request to the URL:</p>
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="go">GET /v3/security/authorization/&lt;principal-type&gt;/&lt;principal-name&gt;/privileges</span>
</pre></div>
</div>
<table border="1" class="docutils">
<colgroup>
<col width="20%" />
<col width="80%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Parameter</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><code class="docutils literal notranslate"><span class="pre">principal-type</span></code></td>
<td>The principal type, one of <code class="docutils literal notranslate"><span class="pre">USER</span></code>, <code class="docutils literal notranslate"><span class="pre">GROUP</span></code>, or <code class="docutils literal notranslate"><span class="pre">ROLE</span></code></td>
</tr>
<tr class="row-odd"><td><code class="docutils literal notranslate"><span class="pre">principal-name</span></code></td>
<td>Name of the principal</td>
</tr>
</tbody>
</table>
<p class="rubric">HTTP Responses</p>
<table border="1" class="docutils">
<colgroup>
<col width="20%" />
<col width="80%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Status Codes</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><code class="docutils literal notranslate"><span class="pre">200</span> <span class="pre">OK</span></code></td>
<td>Privileges were successfully listed for the specified principal</td>
</tr>
</tbody>
</table>
<p>This will return a JSON array that lists each privilege for the principal with its <code class="docutils literal notranslate"><span class="pre">authorizable</span></code> and <code class="docutils literal notranslate"><span class="pre">action</span></code>.
Example output (pretty-printed):</p>
<div class="highlight-json notranslate"><div class="highlight"><pre><span></span><span class="p">[</span>
  <span class="p">{</span>
    <span class="nt">&quot;authorizable&quot;</span><span class="p">:</span> <span class="p">{</span>
      <span class="nt">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;DATASET&quot;</span><span class="p">,</span>
      <span class="nt">&quot;entityParts&quot;</span><span class="p">:</span> <span class="p">{</span><span class="nt">&quot;NAMESPACE&quot;</span><span class="p">:</span> <span class="s2">&quot;default&quot;</span><span class="p">,</span> <span class="nt">&quot;DATASET&quot;</span><span class="p">:</span> <span class="s2">&quot;dataset&quot;</span><span class="p">}</span>
    <span class="p">},</span>
    <span class="nt">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;WRITE&quot;</span>
  <span class="p">},</span>
  <span class="p">{</span>
    <span class="nt">&quot;authorizable&quot;</span><span class="p">:</span> <span class="p">{</span>
      <span class="nt">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;NAMESPACE&quot;</span><span class="p">,</span>
      <span class="nt">&quot;entityParts&quot;</span><span class="p">:</span> <span class="p">{</span><span class="nt">&quot;NAMESPACE&quot;</span><span class="p">:</span> <span class="s2">&quot;default&quot;</span><span class="p">}</span>
    <span class="p">},</span>
    <span class="nt">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;READ&quot;</span>
  <span class="p">},</span>
  <span class="p">{</span>
    <span class="nt">&quot;authorizable&quot;</span><span class="p">:</span> <span class="p">{</span>
      <span class="nt">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;PROGRAM&quot;</span><span class="p">,</span>
      <span class="nt">&quot;entityParts&quot;</span><span class="p">:{</span><span class="nt">&quot;NAMESPACE&quot;</span><span class="p">:</span> <span class="s2">&quot;default&quot;</span><span class="p">,</span> <span class="nt">&quot;APPLICATION&quot;</span><span class="p">:</span> <span class="s2">&quot;SportResults&quot;</span><span class="p">,</span> <span class="nt">&quot;PROGRAM&quot;</span><span class="p">:</span> <span class="s2">&quot;service.UploadService&quot;</span><span class="p">}</span>
    <span class="p">},</span>
    <span class="nt">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;EXECUTE&quot;</span>
  <span class="p">}</span>
<span class="p">]</span>
</pre></div>
</div>
<ul class="simple">
<li>Listing privileges is supported for the <code class="docutils literal notranslate"><span class="pre">USER</span></code>, <code class="docutils literal notranslate"><span class="pre">GROUP</span></code>, and <code class="docutils literal notranslate"><span class="pre">ROLE</span></code> types.</li>
</ul>
</div>
</div>
<div class="section" id="secure-storage">
<span id="http-restful-api-secure-storage"></span><h2>Secure Storage<a class="headerlink" href="#secure-storage" title="Permalink to this headline">🔗</a></h2>
<p>Use the Secure Storage HTTP RESTful API to create, retrieve, and delete secure keys.
Details about secure storage and secure keys in CDAP can be found in <a class="reference external" href="../../../admin-manual/security/secure-storage.html#admin-secure-storage" title="(in Cask Data Application Platform v6.1.1)"><span class="xref std std-ref">Administration
Manual: Secure Storage</span></a>.</p>
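<p><strong>Note:</strong> In CDAP 3.5.0, encryption and decryption of the contents happen only at the
secure store, not while the data is in transit to the secure store. In a later version of
CDAP, all transport involving secure keys will be secured using SSL. Because the key data is
carried in the request body when a key is added and in the response body when it is retrieved,
send these requests to the HTTPS base URL rather than the plain-HTTP one.</p>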
<div class="section" id="add-a-secure-key">
<span id="http-restful-api-security-secure-storage-add"></span><h3>Add a Secure Key<a class="headerlink" href="#add-a-secure-key" title="Permalink to this headline">🔗</a></h3>
<p>You can add a secure key to secure storage by making an HTTP PUT request to the URL:</p>
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="go">PUT /v3/namespaces/&lt;namespace-id&gt;/securekeys/&lt;secure-key-id&gt;</span>
</pre></div>
</div>
<p>with a JSON-formatted body that contains the description of the key, the data to be stored
under the key, and a map of properties associated with the key:</p>
<div class="highlight-json notranslate"><div class="highlight"><pre><span></span><span class="p">{</span>
  <span class="nt">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;Example Secure Key&quot;</span><span class="p">,</span>
  <span class="nt">&quot;data&quot;</span><span class="p">:</span> <span class="s2">&quot;&lt;secure-contents&gt;&quot;</span><span class="p">,</span>
  <span class="nt">&quot;properties&quot;</span><span class="p">:</span> <span class="p">{</span>
    <span class="nt">&quot;&lt;property-key&gt;&quot;</span><span class="p">:</span> <span class="s2">&quot;&lt;property-value&gt;&quot;</span>
  <span class="p">}</span>
<span class="p">}</span>
</pre></div>
</div>
<table border="1" class="docutils">
<colgroup>
<col width="20%" />
<col width="80%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Parameter</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><code class="docutils literal notranslate"><span class="pre">namespace-id</span></code></td>
<td>Namespace ID</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal notranslate"><span class="pre">secure-key-id</span></code></td>
<td>Name of the key to add to secure storage</td>
</tr>
<tr class="row-even"><td><code class="docutils literal notranslate"><span class="pre">secure-contents</span></code></td>
<td>String data to be added under the key</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal notranslate"><span class="pre">property-key</span></code></td>
<td>Name of a property key to associate with the secure key</td>
</tr>
<tr class="row-even"><td><code class="docutils literal notranslate"><span class="pre">property-value</span></code></td>
<td>Value associated with the property key</td>
</tr>
</tbody>
</table>
<p class="rubric">HTTP Responses</p>
<table border="1" class="docutils">
<colgroup>
<col width="20%" />
<col width="80%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Status Codes</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><code class="docutils literal notranslate"><span class="pre">200</span> <span class="pre">OK</span></code></td>
<td>The secure key was successfully added to secure storage</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal notranslate"><span class="pre">400</span> <span class="pre">BAD</span> <span class="pre">REQUEST</span></code></td>
<td>An incorrectly-formatted body was sent with the request or the <code class="docutils literal notranslate"><span class="pre">data</span></code> field in
the request was empty or not present</td>
</tr>
<tr class="row-even"><td><code class="docutils literal notranslate"><span class="pre">404</span> <span class="pre">NOT</span> <span class="pre">FOUND</span></code></td>
<td>The namespace specified in the request does not exist</td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="retrieve-a-secure-key">
<span id="http-restful-api-security-secure-storage-retrieve"></span><h3>Retrieve a Secure Key<a class="headerlink" href="#retrieve-a-secure-key" title="Permalink to this headline">🔗</a></h3>
<p>You can retrieve a secure key from secure storage by making an HTTP GET request to the URL:</p>
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="go">GET /v3/namespaces/&lt;namespace-id&gt;/securekeys/&lt;secure-key-id&gt;</span>
</pre></div>
</div>
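<p>with the data of the secure key returned as text, passed in the response body. Because the response body carries the stored secret itself, send this request only over an encrypted connection, limit it to callers authorized for that key, and keep the response out of logs and caches.</p>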
<table border="1" class="docutils">
<colgroup>
<col width="20%" />
<col width="80%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Parameter</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><code class="docutils literal notranslate"><span class="pre">namespace-id</span></code></td>
<td>Namespace ID</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal notranslate"><span class="pre">secure-key-id</span></code></td>
<td>Name of the key to retrieve from secure storage</td>
</tr>
</tbody>
</table>
<p class="rubric">HTTP Responses</p>
<table border="1" class="docutils">
<colgroup>
<col width="20%" />
<col width="80%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Status Codes</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><code class="docutils literal notranslate"><span class="pre">200</span> <span class="pre">OK</span></code></td>
<td>The secure key was successfully retrieved</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal notranslate"><span class="pre">404</span> <span class="pre">NOT</span> <span class="pre">FOUND</span></code></td>
<td>The namespace specified in the request does not exist or the secure key with that
name does not exist in that namespace</td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="retrieve-the-metadata-for-a-secure-key">
<span id="http-restful-api-security-secure-storage-retrieve-metadata"></span><h3>Retrieve the Metadata for a Secure Key<a class="headerlink" href="#retrieve-the-metadata-for-a-secure-key" title="Permalink to this headline">🔗</a></h3>
<p>You can retrieve just the metadata for a secure key from secure storage by making an HTTP GET request to the URL:</p>
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="go">GET /v3/namespaces/&lt;namespace-id&gt;/securekeys/&lt;secure-key-id&gt;/metadata</span>
</pre></div>
</div>
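<p>with the metadata of the secure key returned as a JSON object—name (the
<code class="docutils literal notranslate"><span class="pre">secure-key-id</span></code>), description, creation timestamp (in milliseconds since the epoch), and the map of properties—passed in the response body. The stored key data is not part of this object, but the description and property values are returned as-is, so keep secrets out of them. The object is shown here pretty-printed:</p>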
<div class="highlight-json notranslate"><div class="highlight"><pre><span></span><span class="p">{</span>
  <span class="nt">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;&lt;secure-key-id&gt;&quot;</span><span class="p">,</span>
  <span class="nt">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;Example Secure Key&quot;</span><span class="p">,</span>
  <span class="nt">&quot;createdEpochMs&quot;</span><span class="p">:</span> <span class="mi">1471718010326</span><span class="p">,</span>
  <span class="nt">&quot;properties&quot;</span><span class="p">:</span> <span class="p">{</span>
    <span class="nt">&quot;property-key&quot;</span><span class="p">:</span> <span class="s2">&quot;property-value&quot;</span>
  <span class="p">}</span>
<span class="p">}</span>
</pre></div>
</div>
<table border="1" class="docutils">
<colgroup>
<col width="20%" />
<col width="80%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Parameter</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><code class="docutils literal notranslate"><span class="pre">namespace-id</span></code></td>
<td>Namespace ID</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal notranslate"><span class="pre">secure-key-id</span></code></td>
<td>Name of the key to retrieve from secure storage</td>
</tr>
</tbody>
</table>
<p class="rubric">HTTP Responses</p>
<table border="1" class="docutils">
<colgroup>
<col width="20%" />
<col width="80%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Status Codes</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><code class="docutils literal notranslate"><span class="pre">200</span> <span class="pre">OK</span></code></td>
<td>Metadata for the secure key was successfully retrieved</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal notranslate"><span class="pre">404</span> <span class="pre">NOT</span> <span class="pre">FOUND</span></code></td>
<td>The namespace specified in the request does not exist or a secure key by the
specified name does not exist in the specified namespace</td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="list-all-secure-keys">
<span id="http-restful-api-security-secure-storage-list"></span><h3>List all Secure Keys<a class="headerlink" href="#list-all-secure-keys" title="Permalink to this headline">🔗</a></h3>
<p>You can list all the secure keys held in secure storage for a namespace by making an HTTP GET request to the URL:</p>
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="go">GET /v3/namespaces/&lt;namespace-id&gt;/securekeys</span>
</pre></div>
</div>
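<p>with the secure keys in the namespace returned as a JSON object that maps each secure key name to its description (string-string pairs). As the examples below show, the listing contains only names and descriptions, not the stored key data. It is passed
in the response body (shown here pretty-printed):</p>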
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="go">{</span>
<span class="go">  secure-key-id-1: secure key description,</span>
<span class="go">  secure-key-id-2: secure key description,</span>
<span class="go">  ...</span>
<span class="go">}</span>
</pre></div>
</div>
<p>such as (depending on what was stored):</p>
<div class="highlight-json-ellipsis notranslate"><div class="highlight"><pre><span></span><span class="p">{</span>
  <span class="nt">&quot;securekey&quot;</span><span class="p">:</span> <span class="s2">&quot;secure key description&quot;</span><span class="p">,</span>
  <span class="nt">&quot;password&quot;</span><span class="p">:</span> <span class="s2">&quot;password description&quot;</span><span class="p">,</span>
  <span class="c">...</span>
<span class="p">}</span>
</pre></div>
</div>
<table border="1" class="docutils">
<colgroup>
<col width="20%" />
<col width="80%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Parameter</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><code class="docutils literal notranslate"><span class="pre">namespace-id</span></code></td>
<td>Namespace ID</td>
</tr>
</tbody>
</table>
<p class="rubric">HTTP Responses</p>
<table border="1" class="docutils">
<colgroup>
<col width="20%" />
<col width="80%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Status Codes</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><code class="docutils literal notranslate"><span class="pre">200</span> <span class="pre">OK</span></code></td>
<td>The keys were successfully retrieved</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal notranslate"><span class="pre">404</span> <span class="pre">NOT</span> <span class="pre">FOUND</span></code></td>
<td>The namespace specified in the request does not exist</td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="remove-a-secure-key">
<span id="http-restful-api-security-secure-storage-remove"></span><h3>Remove a Secure Key<a class="headerlink" href="#remove-a-secure-key" title="Permalink to this headline">🔗</a></h3>
<p>You can remove a secure key from secure storage by making an HTTP DELETE request to the URL:</p>
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="go">DELETE /v3/namespaces/&lt;namespace-id&gt;/securekeys/&lt;secure-key-id&gt;</span>
</pre></div>
</div>
<table border="1" class="docutils">
<colgroup>
<col width="20%" />
<col width="80%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Parameter</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><code class="docutils literal notranslate"><span class="pre">namespace-id</span></code></td>
<td>Namespace ID</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal notranslate"><span class="pre">secure-key-id</span></code></td>
<td>Name of the key to remove from secure storage</td>
</tr>
</tbody>
</table>
<p class="rubric">HTTP Responses</p>
<table border="1" class="docutils">
<colgroup>
<col width="20%" />
<col width="80%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Status Codes</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><code class="docutils literal notranslate"><span class="pre">200</span> <span class="pre">OK</span></code></td>
<td>The key was successfully removed</td>
</tr>
<tr class="row-odd"><td><code class="docutils literal notranslate"><span class="pre">404</span> <span class="pre">NOT</span> <span class="pre">FOUND</span></code></td>
<td>The namespace specified in the request does not exist or a secure key by the
specified name does not exist in the specified namespace</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>

</div>
    <div class="col-md-2">
      <div id="right-sidebar" class="bs-sidenav scrollable-y" role="complementary">
        <div id="localtoc-scrollspy">
        </div>
      </div>
    </div></div>
</div>
<!-- block main content end -->
  </body>
</html>